diff --git a/scripts/deploy-to-target.sh b/scripts/deploy-to-target.sh
index 504e482f..739fb2ca 100755
--- a/scripts/deploy-to-target.sh
+++ b/scripts/deploy-to-target.sh
@@ -651,6 +651,27 @@ PYEOF
       sudo mkdir -p /var/lib/archipelago/tor-config
       sudo chown -R archipelago:archipelago /var/lib/archipelago/dwn /var/lib/archipelago/content /var/lib/archipelago/federation /var/lib/archipelago/identities /var/lib/archipelago/tor-config 2>/dev/null || true
       echo "   Data directories OK"
+
+      # Rootless podman UID mapping: fix data dir ownership so container processes
+      # can write. Rootless podman maps container UIDs via subuid (container UID 0 →
+      # host UID 1000, container UID N → host UID 100000+N).
+      echo "   Fixing rootless podman UID mapping..."
+      # Containers running as root (UID 0 inside → host UID 100000 via subuid)
+      for dir in lnd electrumx btcpay nbxplorer immich jellyfin vaultwarden \
+                 home-assistant fedimint fedimint-gateway photoprism ollama filebrowser; do
+        [ -d "/var/lib/archipelago/$dir" ] && sudo chown -R 100000:100000 "/var/lib/archipelago/$dir" 2>/dev/null
+      done
+      # Bitcoin Knots: container UID 101 → host UID 100101
+      [ -d /var/lib/archipelago/bitcoin ] && sudo chown -R 100101:100101 /var/lib/archipelago/bitcoin 2>/dev/null
+      # Postgres containers: container UID 70 → host UID 100070
+      for dir in postgres-btcpay immich-db; do
+        [ -d "/var/lib/archipelago/$dir" ] && sudo chown -R 100070:100070 "/var/lib/archipelago/$dir" 2>/dev/null
+      done
+      # MariaDB: container UID 999 → host UID 100999
+      [ -d /var/lib/archipelago/mempool ] && sudo chown -R 100999:100999 /var/lib/archipelago/mempool 2>/dev/null
+      # Grafana: container UID 472 → host UID 100472
+      [ -d /var/lib/archipelago/grafana ] && sudo chown -R 100472:100472 /var/lib/archipelago/grafana 2>/dev/null
+      echo "   UID mapping done"
     ' 2>/dev/null || true
 
     # Deploy nostr-provider.js for NIP-07 iframe signing (window.nostr support)
@@ -869,7 +890,7 @@ MANIFEST_EOF
           -v /var/lib/archipelago/bitcoin:/home/bitcoin/.bitcoin \
           docker.io/bitcoinknots/bitcoin:latest \
           -server=1 \$BTC_EXTRA_ARGS \
-          -rpcallowip=127.0.0.1/32 -rpcallowip=10.88.0.0/16 -rpcbind=0.0.0.0:8332 \
+          -rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0:8332 \
           -rpcuser=$BITCOIN_RPC_USER -rpcpassword=$BITCOIN_RPC_PASS \
           -dbcache=\$BTC_DBCACHE
         echo '   Bitcoin Knots started (sync may take hours)'